| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E4C0B65A-27A4-4FD8-8A70-4C07B8090A58@linux.dev> Date: Thu, 13 Feb 2025 20:22:20 +0100 From: Thorsten Blum <thorsten.blum@...ux.dev> To: David Laight <david.laight.linux@...il.com> Cc: Don Brace <don.brace@...rochip.com>, "James E.J. Bottomley" <James.Bottomley@...senPartnership.com>, "Martin K. Petersen" <martin.petersen@...cle.com>, linux-hardening@...r.kernel.org, storagedev@...rochip.com, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad() On 13. Feb 2025, at 20:14, David Laight wrote: > On Wed, 12 Feb 2025 23:43:53 +0100 > Thorsten Blum <thorsten.blum@...ux.dev> wrote: > >> strncpy() is deprecated for NUL-terminated destination buffers [1]. >> >> Replace memset() and strncpy() with strscpy_pad() to copy the version >> string and fill the remaining bytes in the destination buffer with NUL >> bytes. This avoids zeroing the memory before copying the string. >> >> Compile-tested only. >> >> Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1] >> Cc: linux-hardening@...r.kernel.org >> Signed-off-by: Thorsten Blum <thorsten.blum@...ux.dev> >> --- > > Wrong. > That will truncate maximum length strings. Yes, I sent a v2 to fix this already. https://lore.kernel.org/r/20250213114047.2366-2-thorsten.blum@linux.dev/ Thanks, Thorsten
Powered by blists - more mailing lists